// New returns a BundleType with its message type, identifier and spec
// version filled in.
func New() BundleType {
	bundle := BundleType{}
	bundle.MessageType = "bundle"
	// The identifier comes from stix.NewId, called with the object type name.
	bundle.Id = stix.NewId("bundle")
	bundle.SetSpecVersion20()
	return bundle
}
// New returns an InfrastructureType with its message type, identifier,
// timestamps and version filled in.
func New() InfrastructureType {
	infra := InfrastructureType{}
	infra.MessageType = "infrastructure"
	infra.Id = stix.NewId("infrastructure")

	// A new object has never been modified, so both timestamps carry the same
	// UTC value, rendered with the layout in defs.TIME_RFC_3339.
	stamp := stix.GetCurrentTime().UTC().Format(defs.TIME_RFC_3339)
	infra.Created = stamp
	infra.Modified = stamp

	infra.Version = 1
	return infra
}
// New returns a CampaignType with its message type, identifier, timestamps
// and version filled in.
func New() CampaignType {
	camp := CampaignType{}
	camp.MessageType = "campaign"
	camp.Id = stix.NewId("campaign")

	// A new object has never been modified, so both timestamps carry the same
	// UTC value, rendered with the layout in defs.TIME_RFC_3339.
	stamp := stix.GetCurrentTime().UTC().Format(defs.TIME_RFC_3339)
	camp.Created = stamp
	camp.Modified = stamp

	camp.Version = 1
	return camp
}
// New returns a ReportType with its message type, identifier, timestamps and
// version filled in.
func New() ReportType {
	rep := ReportType{}
	rep.MessageType = "report"
	rep.Id = stix.NewId("report")

	// A new object has never been modified, so both timestamps carry the same
	// UTC value, rendered with the layout in defs.TIME_RFC_3339.
	stamp := stix.GetCurrentTime().UTC().Format(defs.TIME_RFC_3339)
	rep.Created = stamp
	rep.Modified = stamp

	rep.Version = 1
	return rep
}
// New returns a SightingType with its message type, identifier, timestamps
// and version filled in.
func New() SightingType {
	sight := SightingType{}
	sight.MessageType = "sighting"
	sight.Id = stix.NewId("sighting")

	// A new object has never been modified, so both timestamps carry the same
	// UTC value, rendered with the layout in defs.TIME_RFC_3339.
	stamp := stix.GetCurrentTime().UTC().Format(defs.TIME_RFC_3339)
	sight.Created = stamp
	sight.Modified = stamp

	sight.Version = 1
	return sight
}
// New returns an ObservedDataType with its message type, identifier,
// timestamps and version filled in.
func New() ObservedDataType {
	observed := ObservedDataType{}
	observed.MessageType = "observed-data"
	observed.Id = stix.NewId("observed-data")

	// A new object has never been modified, so both timestamps carry the same
	// UTC value, rendered with the layout in defs.TIME_RFC_3339.
	stamp := stix.GetCurrentTime().UTC().Format(defs.TIME_RFC_3339)
	observed.Created = stamp
	observed.Modified = stamp

	observed.Version = 1
	return observed
}
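// main builds a sample STIX report, stores it in a SQLite database and prints
// the report as indented JSON on standard output.
func main() {
	r := report.New()
	r.AddLabel("Attack Report")
	r.SetName("Malware Foo Report 2016")
	r.SetDescription("This report gives us details about Malware Foo")
	r.SetPublished(time.Now())

	// The id added here is freshly generated and no matching malware object is
	// created, so the report references an object that does not exist.
	r.AddObject(stix.NewId("malware"))

	// Further placeholder references, currently disabled:
	// r.AddObject(stix.NewId("campaign"))
	// r.AddObject(stix.NewId("sighting"))
	// r.AddObject(stix.NewId("sighting"))
	// r.AddObject(stix.NewId("threat-actor"))
	// r.AddObject(stix.NewId("threat-actor"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// r.AddObject(stix.NewId("relationship"))
	// for j := 0; j <= 4; j++ {
	// 	r.AddObject(stix.NewId("indicator"))
	// }

	// Open connection to database
	// NOTE(review): the database location is a hard-coded absolute path; the
	// example only works where that path exists and is writable by this user.
	filename := "/opt/go/src/github.com/freetaxii/libstix2/examples/db/freetaxii.sqlite"
	db, err := sql.Open("sqlite3", filename)
	if err != nil {
		log.Fatalf("Unable to open file %s due to error %v", filename, err)
	}
	defer db.Close()

	// sql.Open may only validate its arguments; Ping forces a real connection
	// so a bad path is reported here instead of inside AddToDatabase.
	if err := db.Ping(); err != nil {
		db.Close() // log.Fatalf exits without running deferred calls
		log.Fatalf("Unable to open file %s due to error %v", filename, err)
	}

	// NOTE(review): any result from AddToDatabase is not inspected here, so a
	// failed insert would go unnoticed. Confirm whether it reports errors, and
	// that it writes the report fields through parameterized statements.
	r.AddToDatabase(db)

	data, err := json.MarshalIndent(r, "", " ")
	if err != nil {
		db.Close() // log.Fatalf exits without running deferred calls
		log.Fatalf("Unable to marshal report due to error %v", err)
	}
	fmt.Println(string(data))
}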
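// main builds a sample STIX report that references a set of placeholder
// object ids and prints the report as indented JSON on standard output.
func main() {
	r := report.New()
	r.SetName("Malware Foo Report 2016")
	r.SetDescription("This report gives us details about Malware Foo1")
	r.SetPublished(time.Now())

	// Every id below is freshly generated and no matching object is created,
	// so the printed report references objects that do not exist anywhere.
	// That is enough to show the JSON layout, not to exchange real data.
	placeholders := []struct {
		kind  string
		count int
	}{
		{"malware", 1},
		{"campaign", 1},
		{"sighting", 2},
		{"threat-actor", 2},
		{"relationship", 8},
		{"indicator", 5},
	}
	for _, p := range placeholders {
		for n := 0; n < p.count; n++ {
			r.AddObject(stix.NewId(p.kind))
		}
	}

	data, err := json.MarshalIndent(r, "", " ")
	if err != nil {
		// Report the failure instead of silently printing an empty line.
		fmt.Println("Unable to marshal report due to error", err)
		return
	}
	fmt.Println(string(data))
}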
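// main builds a sample set of STIX objects (a report, a campaign, two malware
// objects and an indicator), collects them in one slice and prints that slice
// as indented JSON on standard output.
func main() {
	// Holds every fully defined object so they are serialized together.
	container := make([]interface{}, 0)

	// Create a report
	r := report.New()
	r.SetName("Malware Foo Report 2016")
	r.SetDescription("This report gives us details about Malware Foo1")
	r.SetPublished(time.Now())

	// Create a campaign
	c := campaign.New()
	c.SetName("Bank Attack 2016")
	c.SetObjective("Compromise SWIFT system and steal money")
	r.AddObject(c.GetId())
	container = append(container, c)

	// Define a family of malware
	m1 := malware.New()
	m1.SetName("Zeus")
	m1.AddLabel("trojan")
	m1.AddLabel("malware-family")
	r.AddObject(m1.GetId())
	container = append(container, m1)

	// Define a piece of malware
	m2 := malware.New()
	m2.SetName("SpyEye")
	m2.AddLabel("trojan")
	m2.AddFilename("cleansweep.exe")
	m2.AddFilename("spyeye2_exe")
	m2.AddFilename("build_1_.exe")
	m2.AddHash("md5", "84714c100d2dfc88629531f6456b8276")
	m2.AddHash("sha256", "861aa9c5ddcb5284e1ba4e5d7ebacfa297567c353446506ee4b4e39c84454b09")
	m2.AddKillChainPhase("lockheed-martin-cyber-kill-chain", "command-and-control")
	r.AddObject(m2.GetId())
	container = append(container, m2)

	// Create an indicator
	i := indicator.New()
	i.SetName("Malware C2 Indicator 2016")
	i.SetDescription("This indicator should detect the SpyEye malware by looking for this MD5 hash")
	// NOTE(review): the pattern matches on the MD5 value alone. MD5 is
	// collision-prone, so the SHA-256 recorded on m2 above is the stronger
	// identifier for detection. Also confirm this string against the STIX
	// patterning grammar the library targets; it has no brackets or quoting.
	i.SetPattern("file-object:hashes.md5 = 84714c100d2dfc88629531f6456b8276")
	// Append the indicator itself. The original appended the campaign a second
	// time here, so the indicator never reached the output.
	// NOTE(review): unlike the objects above, the indicator is not referenced
	// from the report; add it there once its id accessor is confirmed.
	container = append(container, i)

	// The ids below are freshly generated and no matching objects are added to
	// container, so the report references objects absent from the output.
	placeholders := []struct {
		kind  string
		count int
	}{
		{"sighting", 2},
		{"threat-actor", 2},
		{"relationship", 8},
		{"indicator", 5},
	}
	for _, p := range placeholders {
		for n := 0; n < p.count; n++ {
			r.AddObject(stix.NewId(p.kind))
		}
	}

	// The report goes in last, after all its references have been added.
	container = append(container, r)

	data, err := json.MarshalIndent(container, "", " ")
	if err != nil {
		// Report the failure instead of silently printing an empty line.
		fmt.Println("Unable to marshal objects due to error", err)
		return
	}
	fmt.Println(string(data))
}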